is the shared responsibility model in cloud validation?’, options: [ ‘Multiple users share the same cloud system’, ‘Division of security responsibilities between cloud provider and customer’, ‘Shared cost of cloud services’, ‘Multiple companies validate the same cloud system’ ], correct: 1, explanation: ‘The shared responsibility model defines which security aspects are managed by the cloud provider vs. the customer.’ }, { level: ‘advanced’, question: ‘What is the primary challenge in validating AI/ML systems?’, options: [ ‘High cost of implementation’, ‘Model training transparency, performance monitoring, and decision explainability’, ‘Lack of regulatory guidance’, ‘Limited computing power’ ], correct: 1, explanation: ‘AI/ML validation challenges include ensuring model training transparency, continuous performance monitoring, and decision explainability.’ }, { level: ‘advanced’, question: ‘What is retrospective validation based on?’, options: [ ‘Future predictions’, ‘Historical data and documented evidence’, ‘Theoretical calculations’, ‘Vendor certifications’ ], correct: 1, explanation: ‘Retrospective validation is based on historical data and documented evidence that the system has consistently performed as intended.’ }, { level: ‘advanced’, question: ‘What additional security measure is required for open systems under Part 11?’, options: [ ‘Firewall’, ‘Antivirus software’, ‘Encryption’, ‘Biometric authentication’ ], correct: 2, explanation: ‘Open systems require encryption (in addition to closed system controls) to ensure authenticity, integrity, and confidentiality.’ }, { level: ‘advanced’, question: ‘What is the purpose of boundary testing in OQ?’, options: [ ‘To test system at geographic boundaries’, ‘To test system at limits of operating ranges’, ‘To test system boundaries with other systems’, ‘To test organizational boundaries’ ], correct: 1, explanation: ‘Boundary testing in OQ tests the system at the limits/edges of its operating ranges to ensure it performs correctly.’ }, { level: ‘advanced’, question: ‘In SaaS validation, what is most critical to assess?’, options: [ ‘The cloud provider infrastructure only’, ‘Vendor qualification, data security, business continuity, and ongoing monitoring’, ‘Only the user interface’, ‘Just the cost of service’ ], correct: 1, explanation: ‘SaaS validation requires comprehensive assessment of vendor qualification, data security, business continuity, and continuous monitoring.’ }, { level: ‘advanced’, question: ‘What is the primary purpose of design specification?’, options: [ ‘To design the user interface’, ‘To describe detailed technical architecture and how system will be built’, ‘To specify design requirements’, ‘To design validation tests’ ], correct: 1, explanation: ‘Design specification provides detailed technical description of system architecture, components, and how it will be built.’ }, { level: ‘advanced’, question: ‘What is critical thinking in GAMP 5 context?’, options: [ ‘Being critical of validation processes’, ‘Applying scientific and risk-based approach to determine appropriate validation’, ‘Thinking critically about system design’, ‘Critical analysis of test results’ ], correct: 1, explanation: ‘GAMP 5 critical thinking means applying scientific and risk-based approach to avoid over-validation or under-validation.’ }, { level: ‘advanced’, question: ‘What